Verdict: MALICIOUS
Risk Score: 94

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URL that redirects to a suspicious domain, likely serving as a lure for phishing or malware distribution. The document body, though partially corrupted, suggests a pretext related to learning Arabic, which is used to mask the malicious URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.8693
Heuristics (3)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://baarspo.ru/strik?utm_term=how+to+learn+arabic+language+free (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_005_off00012a7c.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x12A7C | 8357 bytes | 89f413bf91ff234e0b6e0507ad457cfdb75f4f2ad52bfbf51cf030a3e36d3ebe |
| font_00_sfnt_off0000f41f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF41F | 5064 bytes | 983c2a3a876e89c5a061413974a00bc29c77bef825a0f6b52850fcde70c850da |
| font_01_sfnt_off00010580.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10580 | 10816 bytes | cf716d8bbbfcc6b5da725945e3014a1f13c2f28dac7ff72c6cc9b835f686a0a4 |